Vulnerability Scan Report for registry.suse.com/bci/bci-init:15.4.29.48
Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.
Last scanned on: October 03, 2024 11:40
Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.
Last scanned on: October 03, 2024 11:40
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
perl-base | HIGH | fixed |
Security update for perl Vulnerability ID: SUSE-SU-2024:1762-1 Installed Version: 5.26.1-150300.17.14.1 Fixed Version: 5.26.1-150300.17.17.1 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) |
||
rpm-ndb | MEDIUM | fixed |
Security update for rpm Vulnerability ID: SUSE-SU-2024:1557-1 Installed Version: 4.14.3-150300.55.1 Fixed Version: 4.14.3-150400.59.16.1 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) |
||
shadow | MEDIUM | fixed |
Security update for shadow Vulnerability ID: SUSE-SU-2024:2658-1 Installed Version: 4.8.1-150400.10.9.1 Fixed Version: 4.8.1-150400.10.18.1 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). |
||
shadow | LOW | fixed |
Security update for shadow Vulnerability ID: SUSE-SU-2023:4024-1 Installed Version: 4.8.1-150400.10.9.1 Fixed Version: 4.8.1-150400.10.12.1 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). |
||
suse-build-key | UNKNOWN | fixed |
Security update for suse-build-key Vulnerability ID: SUSE-SU-2023:4672-1 Installed Version: 12.0-150000.8.31.1 Fixed Version: 12.0-150000.8.37.1 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc |